pant Posted September 21, 2007 Share Posted September 21, 2007 Hi I have download phpauth-v1. I manage to set up almost everything accept to login. The read me file says: Create database text file on your webserver. e.g. members.txt 2. Edit phpAuth_config.php to suit your needs. 2.1 Change the database name to the database text file you've created. 2.1 Edit the redirection for login and logout CHMOD your database text file to 666 I have done everything the demo members.txt file was given was like that: admin 9003d1df22eb4d3820015070385194c8 Now in the login page I tried this combinatios but i got error login details. I changed to other username and password but the same result. Any help Thank you Quote Link to comment Share on other sites More sharing options...
hvle Posted September 21, 2007 Share Posted September 21, 2007 I think the number after admin is a hashed value of the password, very likely to be an md5 well, since you can't decrypt it, try to enter this after the admin: 21232f297a57a5a743894a0e4a801fc3 and use "admin" as your password. Quote Link to comment Share on other sites More sharing options...
pant Posted September 21, 2007 Author Share Posted September 21, 2007 I think the number after admin is a hashed value of the password, very likely to be an md5 well, since you can't decrypt it, try to enter this after the admin: 21232f297a57a5a743894a0e4a801fc3 and use "admin" as your password. Ok I ll try If I want to use my own usernames and passwords whta shall I do then? Thank you Quote Link to comment Share on other sites More sharing options...
hvle Posted September 21, 2007 Share Posted September 21, 2007 First I am not very sure if the script used md5 to encrypt the password. Even if they used md5, they may add a salt and you got a totally different encrypted value. You gotta look at the way they encrypt the password, then encrypt your own password and replace it in the members.txt file Quote Link to comment Share on other sites More sharing options...
pant Posted September 21, 2007 Author Share Posted September 21, 2007 If and when you have the time please Here is the link for the script http://scripts.ringsworld.com/user-authentication/phpauth-v1/ Can u have a look Thanks for your time Quote Link to comment Share on other sites More sharing options...
hvle Posted September 21, 2007 Share Posted September 21, 2007 copy and paste the function phpAuth_chk_login() in phpAuth_functions.php Quote Link to comment Share on other sites More sharing options...
pant Posted September 21, 2007 Author Share Posted September 21, 2007 This is the phpAuth_function.php <? function phpAuth_chk_login() { session_start(); if (!isset($_SESSION["phpAuth_username"])) { echo "You are currently not logged in. Please go to the login page"; exit; } } ?> Quote Link to comment Share on other sites More sharing options...
hvle Posted September 21, 2007 Share Posted September 21, 2007 ahh... ok then, this is not the one i tried to look for. You need to find the function in which it actually compare the password and set the $_SESSION['phpAuth_username'] find any function that called: $_SESSION['phpAuth_username'] = .... Quote Link to comment Share on other sites More sharing options...
pant Posted September 21, 2007 Author Share Posted September 21, 2007 Ok Ifound it. It is in phpAUTH_inc.php session_start(); $_SESSION["phpAuth_username"] = $_POST["phpAuth_usr"]; $_SESSION["phpAuth_password"] = $_POST["phpAuth_pwd"]; What I have to do now? I mean what I have to put to members.txt so I can add users? Quote Link to comment Share on other sites More sharing options...
pant Posted September 21, 2007 Author Share Posted September 21, 2007 I dont want people to register. I want me to give them user names and passwords Quote Link to comment Share on other sites More sharing options...
hvle Posted September 21, 2007 Share Posted September 21, 2007 no not this line pant, I want you to post the whole function. Quote Link to comment Share on other sites More sharing options...
pant Posted September 22, 2007 Author Share Posted September 22, 2007 Ok Here it is <? if (isset($_POST["phpAuth_Submit"])) { include "phpAuth_config.php"; $filename = $database_name; if (!file_exists($filename)) { echo "No database exists. Please check your config file."; } else { $handler = fopen($filename,'r'); $members = file_get_contents($filename); // get username and password $users_array = explode ("\n",$members); foreach ($users_array as $users) { if ($users != "" || $users != NULL) { // break username and password string into seperate variables. list($username,$password) = explode("\t",$users); if ($_POST["phpAuth_usr"] == trim($username) && md5($_POST["phpAuth_pwd"]) == trim($password)) { $logged_in = 1; break; } else { $logged_in = 0; } } else { break; } } // end foreach if ($logged_in != 1) { // IF USER IS NOT LOGGED IN echo "Error! Incorrect Details. <a href=\"".$_SERVER['HTTP_REFERER']."\">Go Back</a>"; } else { // ELSE LOGGED IN session_start(); $_SESSION["phpAuth_username"] = $_POST["phpAuth_usr"]; $_SESSION["phpAuth_password"] = $_POST["phpAuth_pwd"]; if ($_POST["phpAuth_rm"] == 1) { setcookie("phpAuth_username",$_POST["phpAuth_usr"],time()+3600); } header('Location: '.$login_redirect.''); } } // END IF FILE EXISTS } else { ?> Thanks for your time EDITED BY WILDTEEN88: Please use code tags ( when including code within posts. Thank you Quote Link to comment Share on other sites More sharing options...
hvle Posted September 23, 2007 Share Posted September 23, 2007 if ($_POST["phpAuth_usr"] == trim($username) && md5($_POST["phpAuth_pwd"]) == trim($password)) { it is confirmed to be md5 encryption. so if you like to set your password, encode your password using md5 and store in the members.txt file There are websites which provide various type of encryption converting. You may want to do a search on "md5, crc web based converter" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.